Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2022-49675

Disclosure Date: February 26, 2025 •

CVE-2022-49675

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

tick/nohz: unexport __init-annotated tick_nohz_full_setup()

EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.

modpost used to detect it, but it had been broken for a decade.

Commit 28438794aba4 (“modpost: fix section mismatch check for exported
init/exit sections”) fixed it so modpost started to warn it again, then
this showed up:

MODPOST vmlinux.symvers

WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()
The symbol tick_nohz_full_setup is exported and annotated __init
Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.

Drop the export because tick_nohz_full_setup() is only called from the
built-in code in kernel/sched/isolation.c.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2022-49675 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49675)

Miscellaneous

https://git.kernel.org/stable/c/c4ff3ffe0138234774602152fe67e3a898c615c6

https://git.kernel.org/stable/c/f4a80ec8c51d68be4b7a7830c510f75080c5e417

https://git.kernel.org/stable/c/ea32b27e2f8c58c92bff5ecba7fcf64b97707089

https://git.kernel.org/stable/c/2390095113e98fc52fffe35c5206d30d9efe3f78

Rapid7

Unknown

CVE-2022-49675

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2022-49675

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2022-49675

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2022-49675

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification